ESET Online Help

Search English
Select the topic

Troubleshooting

Service does not work

I have configured ESET LiveGuard Advanced, but it is still not working

How to get logs?

I do not see some submitted files in ESET PROTECT Web Console

Behavioral flags do not seem to be correct

How can I exclude a detected file from being moved to the Quarantine?

What if the license expires?

What if the Status field in the Submitted files window is empty?

ESET PROTECT On-Prem is not downloading the ESET LiveGuard Advanced data

Results are missing for submitted files in the ESET PROTECT Web Console

What if I am getting "Sent to LiveGrid" status for files submitted to ESET LiveGuard Advanced

The product refuses my ESET LiveGuard Advanced license

I am getting one of the following error messages under Computer Details > Alerts

Files sent to ESET LiveGuard Advanced do not display in Web Console

I have a suspicious sample, what should I do?

Activation of ESET LiveGuard Advanced fails


Service does not work

Verify ESET LiveGuard Advanced is activated and configured.

Also, verify the following items:

Is the ESET LiveGuard Advanced license used?

Is the ESET LiveGuard Advanced Policy applied?

I have configured ESET LiveGuard Advanced, but it is still not working

Verify there is a working network connection between the ESET Management Agent and the ESET PROTECT Server.

View connectivity issues between the remote management server and ESET LiveGuard Advanced directly in the Web Console in Dashboards > ESET PROTECT Server > ESET PROTECT On-Prem network peers with problems.

You can also check the HTTP Proxy settings in ESET PROTECT Settings.

Collect the log files

You can review the log files section in the ESET PROTECT On-Prem Online Help guide.

I do not see some submitted files in the Web Console

This is typical behavior if you are using a roaming endpoint.

Behavioral flags do not seem to be correct

If the reported behavioral flag does not seem to be correct, you can:

Report it to ESET support or send the sample to samples@eset.com. See our article about submitting samples.

Visit the ESET Security Forum and consult the ESET community for information about issues you may encounter.

How can I exclude a detected file from being moved to the Quarantine?

If you are sure that the detected file is safe, you can whitelist it.

What if the license expires?

When the ESET LiveGuard Advanced license expires, you are still able to submit suspicious files for malware analysis. However, you will not receive the file analysis results or the file behavior report.

What if the Status field in the Submitted files window is empty?


note

Are you a user of ESET PROTECT?

This troubleshooting method is for users of on-premises remote management console ESET PROTECT On-Prem.

1.Check the Dashboard (in your remote management console) as described here: I have configured the ESET LiveGuard Advanced, but it is still not working

2.Click Reports > Audit and License Management > Audit log > Generate and download > PDF. You can attach this log when requesting support from ESET Technical Support or inspect it for yourself.

 

If there are ESET LiveGuard Advanced related errors or problems, get the trace logs and contact ESET Technical Support (see the steps below). Otherwise, you can restart the results retrieval process at the remote management server.

How to get the trace log:

1.To enable trace verbosity logging in the Web Console, click More > Settings > Advanced Settings > Logging > Trace log verbosity > Trace.

2.Restart the ESET PROTECT On-Prem service or the machine and wait 15 - 20 minutes.

3.Logs are located on the ESET PROTECT Server machine:

I.Windows: C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs

II.Linux: /var/log/eset/RemoteAdministrator/Server/

protect_trace

How to restart the download of the ESET LiveGuard Advanced results

Restart the data retrieval process on the ESET PROTECT Server. A restart can help when the Server is not downloading new data from the ESET cloud, or the download is too slow.

1.Turn off the ESET PROTECT Server service.

2.Log in to the ESET PROTECT database using SQL Server Management Studio or the MySQL client on Linux systems.

3.Modify the table tbl_key_value_pairs in the ESET PROTECT database:
 
When using SSMS, open the table and remove the line containing the string eset-dynamic-threat-detection-customers
 
When using MySQL, open the database and execute the command delete from tbl_key_value_pairs where pair_key = 'eset-dynamic-threat-detection-customers';
 
When using ESET PROTECT Virtual Appliance:

a)Log in to the Terminal on the virtual machine where the appliance is running.

b)Log in to the database: mysql -u root -p era_db

c)Type the password. It is usually the same as your Web Console Administrator's password.

d)Run the following command:
delete from tbl_key_value_pairs where pair_key = 'eset-dynamic-threat-detection-customers';
 

4.Turn on the ESET PROTECT Server and do not restart or switch it off for 24 hours.

Results are missing for submitted files in the ESET PROTECT Web Console

Possible causes:

ESET LiveGuard Advanced was activated using a license key instead of an EBA account

Solution:

1.Remove the current license from ESET PROTECT On-Prem

2.Add the license eligible for ELGA to ESET Business Account

3.Add the license using the EBA account to ESET PROTECT On-Prem

4.Re-activate ESET LiveGuard Advanced for the client

5.Restart the ESET PROTECT server service

What if I am getting "Sent to LiveGrid" status for files submitted to ESET LiveGuard Advanced

Possible causes:

The file or spam email you submitted was already detected.

The ESET LiveGuard Advanced license was not imported using EBA but was directly imported to the security product or the remote management console.

 

To enable sending files to ESET LiveGuard Advanced:
 

1.Remove the license from your License Management.
 
troubleshooting_2
 

2.Import your license to EBA.

3.Synchronize your EBA with your remote management Server (ESET PROTECT On-Prem).

4.Certain modules need to be reloaded on client machines. There are two options to reload modules:

Wait for a few hours until the modules are reloaded.

For immediate reload, you can "restart" ESET LiveGuard Advanced on clients. To restart, send a deactivation policy for ESET LiveGuard Advanced, and when the policy is applied, send another one for activation.

The product refuses my ESET LiveGuard Advanced license

After typing your ESET LiveGuard Advanced license key in the Web Console, you received the following error message:

oFailed to add license by license key: License is issued for a product that can not be managed with ESET PROTECT On-Prem. Please enter a different license.

After typing your ESET LiveGuard Advanced license key directly in the security product, you received the following error message:

oActivation failed. License and product do not match.
 

The license must be typed only via EBA. Read more about importing the license.

I am getting one of the following error messages under Computer Details > Alerts

Problem

Problem detail

Cause and solution

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced is not working. Connection to authentication servers failed.

The ESET license servers are not accessible.

Firewall (another setting) is blocking the communication.

The service is temporarily unavailable.

Check your firewall settings.

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced license has expired.

Your ESET LiveGuard Advanced license was functional and is now expired. Renew the license or disable the ESET LiveGuard Advanced setting in the policy.

ESET LiveGuard Advanced is not accessible

The ESET LiveGuard Advanced servers cannot be reached. This could be due to an outage or a problem with the network connection.

Your machine cannot reach ESET LiveGuard Advanced servers. This is usually caused by a proxy service failure. Try to restart your proxy service. If the problem persists, the proxy could be overloaded. You can:

Divide the load from agents to more proxies

Upgrade hardware on the proxy machine

Use the Apache HTTP Proxy 64-bit build (if you are using the 32-bit, and your system is x64 architecture)

Temporarily stop using the proxy to confirm that it is causing the issue

If you are using Apache HTTP Proxy, you can move to ESET Bridge.

Web Console is not showing any results

Analysis results are not delivered to the ESET PROTECT Server.

The HTTP Proxy could be overloaded. Try moving the HTTP Proxy to a different server or/and adding more resources. When you move the HTTP Proxy to a new address, you need to update the endpoints' policy too.

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced offline license error.

ESET LiveGuard Advanced does not support offline license activation. Check your license.

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced is not working. Unknown authentication error.

ESET authentications servers are not reachable from the client machine. Verify you can reach edf.eset.com.

Files sent to ESET LiveGuard Advanced do not display in the Web Console

If your OS—usually an earlier Windows Server—does not trust the ts.eset.com certificate, files are not sent to the ESET LiveGuard Advanced servers. To fix this trust issue, import DigiCert Global Root G2 and Thawte TLS RSA CA G1 root certificates to your operating system.

The Web Console can display submitted files only when the client Management Agent is connecting (replicating) to the ESET PROTECT Server. Files submitted from roaming endpoints are displayed after the Agent connects the Server again.


important

When using ESET LiveGuard Advanced in an enterprise-level environment (hundreds of machines or more), we recommend deploying HTTP Proxy on a dedicated server. Running the HTTP Proxy service on a heavily utilized server (e.g., besides the ESET PROTECT Server or database) may result in ESET LiveGuard Advanced connection problems.

You can exclude selected folders and processes to decrease the number of submitted files and improve the overall performance.

I have a suspicious sample, what should I do?

See the Recommendations for users with a suspicious sample.

Activation of ESET LiveGuard Advanced fails

If you have added a license via License Key and then converted to a cloud protection tier, you will see ESET LiveGuard Advanced license in the Console, but the activation would fail. You need to remove the protection tier from license management and add it via EBA.